Problem

Goal

  • As a developer who (1) is experiencing a "weird" behavior of HTML tags suddenly being removed out of nowhere or (2) who wants to write code that happens to have to integrate with the front-end XSS security concept, I want to be able to find and read a bird-level description of the architectural concept, so that I can understand it and be sure that I'm not doing Something Completely Stupid™. :-)

Comments

tim.plunkett’s picture

Priority: Critical » Major

Criticals are release blocking; this does not seem to be that.

sun’s picture

mgifford’s picture

Issue tags: +Documentation

Where should this be added?

So we've got this class:

4. Because the mechanism for sidestepping the XSS-Protection-For-Editors step is an explicit class, it would be easy for the security team to scan for any modules implementing it and subject them to extra scrutiny.

Is it documenting what is in EditorSecurityTest.php?

mgifford’s picture

Assigned: Wim Leers » Unassigned

Wim Leers’s picture

Status: Active » Fixed

mgifford’s picture

Thanks Wim!

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.